diff --git a/machines/vueko/configuration.nix b/machines/vueko/configuration.nix
index 2fc8c36..cfcd6ee 100644
--- a/machines/vueko/configuration.nix
+++ b/machines/vueko/configuration.nix
@@ -26,7 +26,6 @@
 ];
 autoconfig.enable = true;
 users = import ./secrets/mail-users.nix;
- rejectSenders = import ./secrets/mail-reject-senders.nix;
 };
 };
diff --git a/machines/vueko/secrets/mail-reject-senders.nix b/machines/vueko/secrets/mail-reject-senders.nix
deleted file mode 100644
index f4d1255..0000000
Binary files a/machines/vueko/secrets/mail-reject-senders.nix and /dev/null differ
diff --git a/modules/mailserver/default.nix b/modules/mailserver/default.nix
index de75815..6c7aeed 100644
--- a/modules/mailserver/default.nix
+++ b/modules/mailserver/default.nix
@@ -79,15 +79,6 @@ in
 "/^\\s*X-Originating-IP:/"
 ];
 };
- rejectSenders = mkOption {
- type = listOf str;
- description = "A list of senders to reject mails from";
- default = [ ];
- example = [
- "newsletter@example.com"
- "spammer@example.com"
- ];
- };
 };
 imports = [
diff --git a/modules/mailserver/postfix.nix b/modules/mailserver/postfix.nix
index 2dbd116..3311674 100644
--- a/modules/mailserver/postfix.nix
+++ b/modules/mailserver/postfix.nix
@@ -28,13 +28,6 @@ let
 valiases = pkgs.writeText "valiases" aliasesString;
- access_sender = pkgs.writeText
- "access_sender"
- (lib.concatMapStringsSep
- "\n"
- (sender: "${sender} REJECT")
- cfg.rejectSenders);
-
 submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" (lib.concatMapStringsSep "\n"
@@ -57,7 +50,7 @@ lib.mkIf cfg.enable {
 recipientDelimiter = "+";
 mapFiles = {
- inherit access_sender valiases;
+ inherit valiases;
 };
 config = {
@@ -86,7 +79,6 @@ lib.mkIf cfg.enable {
 ];
 smtpd_sender_restrictions = listToString [
- "check_sender_access hash:/var/lib/postfix/conf/access_sender"
 "reject_non_fqdn_sender"
 "reject_unknown_sender_domain"
 ];
diff --git a/modules/mailserver/rspamd.nix b/modules/mailserver/rspamd.nix
index 82866ee..59d686f 100644
--- a/modules/mailserver/rspamd.nix
+++ b/modules/mailserver/rspamd.nix
@@ -43,6 +43,16 @@ in
 extended_spam_headers = true;
 '';
 "multimap.conf".text = ''
+ SENDER_BLOCKED {
+ type = "from";
+ filter = "email:addr";
+ map = "/var/lib/rspamd/blocked_senders.map";
+ symbol = "SENDER_BLOCKED";
+ description = "Sender’s address is manually blocked";
+ prefilter = true;
+ action = "reject";
+ score = 30.0;
+ }
 SENDER_DOMAIN_BLOCKED {
 type = "from";
 filter = "email:domain:tld";
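Review bot: The new `SENDER_BLOCKED` rule reads its list from `/var/lib/rspamd/blocked_senders.map`, a mutable file that nothing in this hunk creates or populates, so on a fresh host or after a restore the rule may load with a missing or empty map and reject nothing. The same commit deletes `secrets/mail-reject-senders.nix`, so the old entries have to be carried over by hand, and any that were domains or partial-address keys accepted by Postfix's `check_sender_access` will presumably not match under `filter = "email:addr"`, which compares full addresses. Because this is a prefilter with `action = "reject"`, whoever can write the map decides which senders are refused. I would create the file declaratively with tight ownership, for example `systemd.tmpfiles.rules = [ "f /var/lib/rspamd/blocked_senders.map 0640 rspamd rspamd -" ];` (user and group assumed to be the service defaults), and add a comment above the rule stating the expected format, one address per line. The `"multimap.conf".text` string continues past the end of the hunk.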